About Deloitte Insights

Deloitte Insights for CIOs couples broad business insights with deep technical knowledge to help executives drive business and technology strategy, support business transformation, and enhance growth and productivity. Through fact-based research, technology perspectives and analyses, case studies and more, Deloitte Insights for CIOs informs the essential conversations in global, technology-led organizations.

Technology Building Blocks of Proactive Cyber Security

Today’s cyber criminals target specific organizations by deploying a set of sophisticated techniques that routinely evade many of the security controls established over the last several years. This new reality of cyber threats requires a new attitude around security and privacy—and new technology to support it. Technology solutions should continue to allow an organization to anticipate and prevent attacks when possible; however, they should also provide advanced capabilities for isolating and encapsulating intrusions to reduce their impact. By so doing, solutions will mature from managing incidents to allowing for the automated identification, prevention, and closure of risks.

What are the technology building blocks of a battle-ready cyber threat program?

Identity, Credential, and Access Management (ICAM). Core security requirements continue to be critically important, building from traditional enterprise ICAM solutions. These solutions allow organizations to authenticate users, assets, and systems; manage entitlements; and encrypt data at rest, in flight, and in use. These requirements (and others such as for managing vulnerabilities, assets, and patches) help form the foundation of technical risk management and are table stakes for developing an advanced cyber intelligence capability. Many leading organizations are also integrating logical and physical security. This helps to create a unified view of authorization and entitlements for individuals, and provide a more comprehensive perspective on the threat landscape.

Threat analysis. Organizations need to automate their analysis of threats to the network and have the capability to collect intelligence from “honeypots” or other baiting operations. This can require having dynamic and continuously evolving threat registries, as well as dedicated security analysts who can correlate external threat intelligence with internal analysis based on knowledge of the business.

Security Information & Event Management (SIEM) solutions. Detailed logging and SIEM solutions are also table stakes for building advanced cyber threat management capabilities. By combining the stream of event data with internal and external intelligence, organizations can correlate, analyze, and subsequently detect threats that could otherwise go unnoticed. A SIEM solution can also serve as a fundamental building block for developing a threat defense architecture and related automation to monitor the evolving threat landscape. It can also help organizations take precautionary measures before incidents occur. When incidents occur, event data is critical for assessing what has transpired and responding in a timely manner.

Asset protection. To protect physical assets, organizations should focus on maintaining inventory, monitoring usage, and promoting firmware and operating environment updates to servers, desktops, mobile devices, and equipment. For digital assets, they should classify, encrypt, and protect structured, semi-structured, and unstructured content to prevent it from being accessed or manipulated.

Intelligence sources. Organizations need to develop sources for intelligence internally and externally. Open source and commercial intelligence is available regarding known botnet signatures, malicious IPs, hostile domains, and malicious hash values, for example. Organizations can also harvest data from internal systems by using SIEM solutions, as well as directly from infrastructure components (for example, DNS lookup data, DHCP lease information, and proxy logs).
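The correlation described above, as an added example that is not part of the original article: DNS lookup events are matched against an external feed of hostile domains and malicious IPs, and each hit is attributed to a host through the DHCP lease that was active at the time. All domains, addresses, hostnames, log layouts, and function names are constructed for illustration.

```python
from datetime import datetime
from ipaddress import ip_address
# Constructed sample intelligence feed (not real indicators).
HOSTILE_DOMAINS = {"bad-updates.example", "c2.example.net"}
MALICIOUS_IPS = {ip_address("203.0.113.7")}
# Constructed DNS lookup data: (timestamp, client_ip, queried_name, resolved_ip)
DNS_LOG = [
    ("2015-03-02T09:14:05", "10.1.4.22", "www.example.org", "198.51.100.10"),
    ("2015-03-02T09:15:41", "10.1.4.22", "cdn.bad-updates.example", "198.51.100.99"),
    ("2015-03-02T13:02:10", "10.1.4.22", "mail.example.org", "203.0.113.7"),
    ("2015-03-02T13:05:00", "10.1.9.80", "notbad-updates.example", "198.51.100.11"),
]
# Constructed DHCP lease information: (ip, hostname, lease_start, lease_end)
DHCP_LEASES = [
    ("10.1.4.22", "LAPTOP-FINANCE-07", "2015-03-02T08:00:00", "2015-03-02T12:00:00"),
    ("10.1.4.22", "KIOSK-LOBBY-02", "2015-03-02T12:30:00", "2015-03-02T20:00:00"),
]

def parse_ts(s):
    return datetime.fromisoformat(s)

def domain_hit(name, hostile=HOSTILE_DOMAINS):
    """Return the listed domain that `name` equals or is a subdomain of, else None."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        # Compare whole labels only, so "notbad-updates.example" does not match.
        if ".".join(labels[i:]) in hostile:
            return ".".join(labels[i:])
    return None

def host_for(ip, when, leases=DHCP_LEASES):
    """Attribute an IP to the host holding its DHCP lease at time `when`."""
    for lease_ip, host, start, end in leases:
        if lease_ip == ip and parse_ts(start) <= when < parse_ts(end):
            return host
    return None  # no lease on record: leave the host unattributed

def correlate(dns_log=DNS_LOG):
    """Match DNS events against the feed and attribute each hit to a host."""
    alerts = []
    for ts, client, qname, answer in dns_log:
        reason = domain_hit(qname)
        if reason is None and ip_address(answer) in MALICIOUS_IPS:
            reason = answer
        if reason:
            alerts.append((ts, host_for(client, parse_ts(ts)), qname, reason))
    return alerts

for alert in correlate():
    print(alert)
```

The same client IP resolves to two different hosts in the sample data, which is why the lease window is checked against the event time rather than looking up the current holder of the address.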

Data collection and analysis solutions allow for automated crawling of, and information parsing from, Web logs, email, RSS readers, social networks, and transactional system activity. Cyber analytics—linked to threat rosters and known business risks and fraud issues—can be used to identify potential areas of escalating risk.

Forensics and analytics. To render the intelligence actionable, organizations should apply cyber forensics and analytics to develop a cyber threat intelligence database and analyst portal with integrated threat-response playbooks. Cultivating strong relationships with security researchers, law enforcement, and community emergency response teams (CERTs) allows organizations to share information and extend their network—which can be critical during an investigation and network takedown. Finally, they should seek to shore up the cyber security of the supply chain, operations, personnel, and facilities.

***

Technology is only part of the overall cyber security solution. Building an intelligence-driven, proactive cyber program requires a systematic enterprise-wide approach—equal parts governance, change management, process redesign, and technology.